Welcome to Community Answers

Asking on behalf of our Virtual Infrastructe Team – has anyone used something like https://support.microsoft.com/en-gb/help/4074629/understanding-the-output-of-get-speculationcontrolsettings-powershell to get a dashboard of monitored servers that are vulnerable/protected? Or any other clever way of discovering?

2 answers

What we did as a quick fix was to run the PowerShell module Remotely on all servers, and enter the scan results in the registry, in keys that we have Our System Center Config Manager gather. That way we can create reports and also target systems With fixes.

An off the cuff option is to add the PS script as a task and have it run on demand from a perspective. It does, unfortunately, mean running it on a server by server basis, but at a glance, it could be useful.

Ørnulf seems to have the right idea though, outputting the results to the registry on each server would make the most logical sense. You could have a SCOM MP discover the registry keys (rather than SCCM) and then write a SQL query to pull back the results. Depends on which is more in line with your skill set.